bchoward
just joined
Topic Author
Posts: 7
Joined: Thu May 16, 2013 4:31 am

Experiencing packet loss / extreme slow-downs intermittently - help?

Mon Mar 21, 2022 10:30 pm

I've been using pretty much the same basic configuration for the better part of 7 or 8 years, but over the last few months I've noticed an odd intermittent issue where connections seem to hang for a few seconds at a time.

Although there were some ISP issues as well, I'm pretty sure at this point that the bulk of my problem is internal. Pinging the router from a wireless or wired client (the router is only about 15 feet away in clear line of sight) will show packet loss or, about as often, packets with an RTT of around 5-30 seconds.

Oddly, this problem seems worse when there is a lot of traffic going out externally. For example, I often watch youtube on a computer attached to my TV, controlled by a laptop over ScreenSharing. When ads play or a new video is loading, the screen sharing connection often falters, and pinging the router shows lots of delay/loss.

My sanitized configuration is below, but for context:

My DSL modem (with a miserable speed of only about 450kps) connects to a RB2011's port 10. That port is on the WAN bridge (I used to have some other hosts with public IPs on here, but not currently). There is a LAN bridge connecting internal hard-wired hosts, along with an internal wireless network. I also have a second separate wireless network for IOT devices on a different subnet. Since the RB2011 cannot reach the back part of my apartment, I have an ethernet cord going back there to a MAP, which has wired clients and two wireless networks. One wireless network is bridged to the local wired clients and to a VLAN along the cord connecting back to the RB2011, the other wireless network is run through a second VLAN back to the RB2011 where it is on a shared bridge with the RB2011's IOT wlan.


I previously had a lot of queueing logic for application- and host-specific bandwidth limiting, but I've cut all of that out in my quest to diagnose this problem. This happens regularly when even only one device is using any appreciable bandwidth.


I've masked my public IPs below with 1.2.3, masked my passwords, and removed a bunch of DHCP static leases, but otherwise this is what I'm running.


Any guidance on what I might be doing wrong?

[admin@MikroTik] > export
# mar/21/2022 13:11:40 by RouterOS 6.49.2
# software id = 0TCC-EHR8
#
# model = 2011UAS-2HnD
# Layer-2 layout: three bridges (IoT segment, internal LAN, WAN side).
# Spanning tree is switched off on the WAN bridge only (protocol-mode=none).
/interface bridge
add name="IOT bridge"
add admin-mac=D4:CA:6D:XX:XX:XX auto-mac=no fast-forward=no mtu=1500 name="LAN bridge"
add admin-mac=D4:CA:6D:XX:XX:XX auto-mac=no fast-forward=no mtu=1500 name="WAN bridge" protocol-mode=\
    none
# Physical AP wlan1 plus a virtual AP wlan3 on the same SSID. Neither line names a
# security-profile, so both presumably use the default profile defined under
# "/interface wireless security-profiles" below. WPS is disabled on both.
# NOTE(review): the wlan3 mac-address is posted in full, unlike the other MACs,
# which the poster masked with XX.
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=0 band=2ghz-g/n channel-width=20/40mhz-XX country=\
    "united states3" disabled=no disconnect-timeout=5s distance=indoors frequency=auto installation=\
    indoor mode=ap-bridge ssid=APrettyGoodWeekendInVegas station-roaming=enabled tx-power=10 \
    tx-power-mode=all-rates-fixed wireless-protocol=802.11 wps-mode=disabled
add keepalive-frames=disabled mac-address=D6:CA:6D:9C:43:60 master-interface=wlan1 \
    multicast-buffering=disabled name=wlan3 ssid=APrettyGoodWeekendInVegas station-roaming=enabled \
    wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
# Port naming and comments only; ether04 and sfp1 are administratively disabled.
# ether10 is the DSL modem (WAN) port, ether08 is the trunk to the back-room MAP.
/interface ethernet
set [ find default-name=ether1 ] comment=Woz name=ether01-master
set [ find default-name=ether2 ] comment=Jobs name=ether02
set [ find default-name=ether3 ] comment="Synology DS 1819" name=ether03
set [ find default-name=ether4 ] comment="Hyperion and back room hub" disabled=yes name=ether04
set [ find default-name=ether5 ] comment="Amphora and annex hub" name=ether05
set [ find default-name=ether6 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment="xbox and tv hub" name=\
    ether06-master
set [ find default-name=ether7 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment="to table" name=ether07
set [ find default-name=ether8 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment="backroom MAP" name=ether08
set [ find default-name=ether9 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment="work laptop hardwired" name=\
    ether09
set [ find default-name=ether10 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment="DSL modem" name=\
    "ether10-WAN connection"
set [ find default-name=sfp1 ] disabled=yes speed=100Mbps
/interface wireless nstreme
set wlan1 enable-polling=no
# Two tagged VLANs on the MAP trunk: 20 carries the IoT segment, 10 the internal LAN.
# Untagged traffic on ether08 itself is not bridged anywhere in this export.
/interface vlan
add interface=ether08 name=vlan-IOT vlan-id=20
add interface=ether08 name=vlan-internal vlan-id=10
# Two interface lists; their members are assigned under "/interface list member".
/interface list
add name="Internal Interfaces"
add exclude=dynamic name=discover
# All three profiles are WPA2-PSK only (authentication-types=wpa2-psk). The default
# profile also carries a wpa-pre-shared-key value, which is not offered to clients
# as long as WPA1 stays out of authentication-types.
# management-protection=allowed on "iot" makes 802.11w management-frame protection
# optional rather than required.
# NOTE(review): the keys are masked by the poster; the space after
# "wpa2-pre-shared-key=" in the two added profiles looks like an artefact of that
# masking - confirm against the live config before re-importing.
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" group-key-update=1h mode=\
    dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=mypassword \
    wpa2-pre-shared-key=mypassword
add authentication-types=wpa2-psk eap-methods="" management-protection=allowed mode=dynamic-keys \
    name=iot supplicant-identity="" wpa2-pre-shared-key= mypassword
add authentication-types=wpa2-psk eap-methods="" group-key-update=1h mode=dynamic-keys name=\
    legacy-temp supplicant-identity="" wpa2-pre-shared-key= mypassword
# IoT virtual AP: separate SSID on wlan1's radio, bound to the "iot" profile.
/interface wireless
add comment=IOT disabled=no keepalive-frames=disabled mac-address=D6:CA:6D:XX:XX:XX master-interface=\
    wlan1 multicast-buffering=disabled name=wlan2 security-profile=iot ssid=CRM114Discriminator \
    station-roaming=enabled wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
/interface wireless manual-tx-power-table
set wlan2 comment=IOT
# "*12" is an internal item id the export did not resolve to an interface name -
# presumably a stale entry; verify before re-importing this file.
/interface wireless nstreme
set *12 comment=IOT
# The default IPsec proposal offers 3DES only, a legacy cipher with a 64-bit block.
# No IPsec peer or policy appears in the posted export, so this may be unused; if
# IPsec is in use, an AES-based value for enc-algorithms (e.g. aes-256-cbc) is the
# better choice.
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
# Address pools: LAN DHCP, VPN clients (same /24 as the LAN), IoT and wlan3.
/ip pool
add name=default-dhcp ranges=172.18.1.150-172.18.1.199
add name=vpn ranges=172.18.1.140-172.18.1.149
add name=iot-wlan ranges=172.17.1.50-172.17.1.250
add name=wlan3 ranges=172.16.1.50-172.16.1.250
# One DHCP server per segment. DHCP-wlan3 has no disabled=no, unlike the other
# two, so it is presumably left disabled - confirm on the router.
/ip dhcp-server
add address-pool=default-dhcp authoritative=after-2sec-delay disabled=no interface="LAN bridge" \
    lease-time=3d name=DHCP-LAN src-address=172.18.1.1
add address-pool=wlan3 interface=wlan3 lease-time=1d name=DHCP-wlan3 src-address=172.16.1.1
add address-pool=iot-wlan disabled=no interface="IOT bridge" lease-time=1d name=DHCP-iot src-address=\
    172.17.1.1
# VPN profile: encryption is required and clients are bridged straight onto the LAN
# bridge, i.e. a VPN user lands on the internal segment. No PPP server or secret is
# shown in the posted export, so whether this profile is reachable cannot be told
# from here.
/ppp profile
add bridge="LAN bridge" dns-server=208.201.224.11 local-address=default-dhcp name=profile1 \
    remote-address=vpn use-encryption=required
# Leftover queue type; the poster states the queue rules themselves were removed.
/queue type
add kind=sfq name=SFQ
# Both logging actions touched here are capped at 100 lines (memory-lines and
# disk-lines-per-file), which leaves very little history when looking back at an
# intermittent fault or a login attempt. No remote syslog action is shown.
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
# Bridge membership. The WAN bridge has a single port (ether10, hw=no); the IoT
# bridge joins the IoT VLAN from the MAP with the local IoT virtual AP wlan2.
# wlan3 is not a member of any bridge.
/interface bridge port
add bridge="LAN bridge" comment="xbox and TV hub" interface=ether06-master
add bridge="LAN bridge" interface=wlan1
add bridge="LAN bridge" comment=Woz interface=ether01-master
add bridge="WAN bridge" comment="DSL modem" hw=no interface="ether10-WAN connection"
add bridge="LAN bridge" comment="hyperion and back room" disabled=yes interface=ether04
add bridge="LAN bridge" comment=Amphora hw=no interface=ether05
add bridge="LAN bridge" comment=Jobs interface=ether02
add bridge="LAN bridge" comment="synology 8bay" interface=ether03
add bridge="LAN bridge" comment="to table" interface=ether07
add bridge="LAN bridge" comment="work laptop" interface=ether09
add bridge="LAN bridge" interface=vlan-internal
add bridge="IOT bridge" interface=vlan-IOT
add bridge="IOT bridge" interface=wlan2
# Bridged frames are handed to the /ip firewall chains. The in-bridge-port and
# out-bridge-port matchers used by the filter rules depend on this setting, so it
# cannot be turned off without rewriting those rules.
/interface bridge settings
set use-ip-firewall=yes
# Neighbor discovery runs on every member of the "discover" list. That list (see
# "/interface list member") contains "ether10-WAN connection" and "WAN bridge", so
# discovery announcements are also sent toward the DSL modem side. Removing the
# WAN-facing interfaces from the list keeps the router's identity details internal.
/ip neighbor discovery-settings
set discover-interface-list=discover

# "Internal Interfaces": LAN bridge, ether01-09 and wlan1. The IoT bridge, wlan2,
# wlan3 and the two VLAN interfaces are not members.
# NOTE(review): no firewall or NAT rule in the posted export references this list,
# so it currently has no filtering effect.
/interface list member
add interface="LAN bridge" list="Internal Interfaces"
add interface=ether01-master list="Internal Interfaces"
add interface=ether02 list="Internal Interfaces"
add interface=ether03 list="Internal Interfaces"
add interface=ether04 list="Internal Interfaces"
add interface=ether05 list="Internal Interfaces"
add interface=ether06-master list="Internal Interfaces"
add interface=ether07 list="Internal Interfaces"
add interface=ether08 list="Internal Interfaces"
add interface=ether09 list="Internal Interfaces"
add interface=wlan1 list="Internal Interfaces"
# "discover" is the list used by /ip neighbor discovery-settings. Its last entries
# include the WAN port and the WAN bridge, which exposes discovery announcements on
# the ISP-facing side.
add interface=sfp1 list=discover
add interface=ether01-master list=discover
add interface=ether02 list=discover
add interface=ether03 list=discover
add interface=ether04 list=discover
add interface=ether05 list=discover
add interface=ether06-master list=discover
add interface=ether07 list=discover
add interface=ether08 list=discover
add interface=ether09 list=discover
add interface="ether10-WAN connection" list=discover
add interface="LAN bridge" list=discover
add interface="WAN bridge" list=discover
# Router addresses: 172.18.1.1 (LAN), 1.2.3.29 (public, masked by the poster),
# 172.17.1.1 (IoT). The 172.16.1.1 address on wlan3 is disabled.
/ip address
add address=172.18.1.1/24 comment="Internal private range" interface="LAN bridge" network=172.18.1.0
add address=1.2.3.29/24 comment="NAT outlet" interface="WAN bridge" network=1.2.3.0
add address=172.17.1.1/24 comment="Address range for second iot virtual wlan" interface="IOT bridge" \
    network=172.17.1.0
add address=172.16.1.1/24 comment="Range for second virtual" disabled=yes interface=wlan3 network=\
    172.16.1.0
/ip dhcp-server lease
...


# Each DHCP network hands out the router itself as first DNS server, followed by
# two external resolvers.
/ip dhcp-server network
add address=172.16.1.0/24 comment=wlan3 dns-server=172.16.1.1,208.201.224.11,208.201.224.33 gateway=\
    172.16.1.1 netmask=24
add address=172.17.1.0/24 comment=IOT dns-server=172.17.1.1,208.201.224.11,208.201.224.33 gateway=\
    172.17.1.1
add address=172.18.1.0/24 comment="default configuration" dns-server=\
    172.18.1.1,208.201.224.11,208.201.224.33 gateway=172.18.1.1
# allow-remote-requests=yes turns the router into a DNS resolver for any client the
# input chain lets through. The only WAN-side protection in this export is the
# input drop for dst-address=1.2.3.29 arriving via ether10; confirm that UDP/TCP 53
# is not answered on the public side, since an exposed resolver is a common source
# of unexplained load.
/ip dns
set allow-remote-requests=yes servers=208.201.224.33,208.201.224.11

# The only address list defined: the poster's public /29 (masked as 1.2.3.x).
/ip firewall address-list
add address=1.2.3.24/29 list=MyPubIPs
# Filter rules are evaluated top to bottom per chain; a packet that matches no rule
# in its chain is accepted. Rule order below is therefore significant.
/ip firewall filter
# FastTrack for established/related forward traffic: once a connection is
# fasttracked, most of its later packets skip the filter rules that follow.
add action=fasttrack-connection chain=forward comment="Experimental FastTrack rules for est/rel" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "Established/related connections allowed on input and forward" connection-state=\
    established,related dst-address-list=MyPubIPs
# input chain (traffic to the router itself): three rules, no catch-all drop.
# NOTE(review): the drop below is keyed to dst-address=1.2.3.29 and bridge port
# ether10, not to the WAN interface as a whole, and the LAN accept only names
# ether06-master. Everything else addressed to the router - including traffic from
# the IoT subnet to 172.17.1.1 - matches nothing and is accepted by default. A
# final "drop everything not explicitly accepted" input rule would close that gap.
add action=accept chain=input connection-state=established,related dst-address=1.2.3.29 \
    in-interface="WAN bridge"
add action=accept chain=input comment="Accept traffic to RB on internal network" dst-address=\
    172.18.1.1 in-bridge-port=ether06-master in-interface="LAN bridge"
add action=drop chain=input comment="Drop all other traffic from public to RB at .29" dst-address=\
    1.2.3.29 in-bridge-port="ether10-WAN connection" in-interface="WAN bridge"
# Anti-spoofing: drop WAN-side packets whose source claims to be the public /29 or
# the LAN subnet. The IoT subnet 172.17.1.0/24 has no equivalent rule.
add action=drop chain=forward comment="DROP traffic coming IN on eth10 claiming to be from my ips" \
    in-bridge-port="ether10-WAN connection" in-interface="WAN bridge" src-address=1.2.3.24/29
add action=drop chain=forward comment="DROP traffic coming IN on eth10 claiming to be internal" \
    in-bridge-port="ether10-WAN connection" in-interface="WAN bridge" src-address=172.18.1.0/24
# NOTE(review): this accept and the later one for dst-address=172.18.1.0/24 carry
# no connection-state, so they admit new connections from the WAN side toward the
# private subnets, not just replies. They are presumably meant for return traffic;
# adding connection-state=established,related would express that.
add action=accept chain=forward comment="wlan2 rule" dst-address=172.17.1.0/24 in-interface=\
    "WAN bridge"
# NOTE(review): nothing in this chain matches traffic from 172.17.1.0/24 (IoT) to
# 172.18.1.0/24 (LAN), and the rule below accepts LAN-sourced traffic to any
# destination, so the two segments can reach each other by default accept. If the
# IoT network is meant to be isolated, it needs an explicit drop.
add action=accept chain=forward comment="Allow internal traffic out -- NOTE:  by the time of the FORWA\
    RD chain, packets have already been bridged to the output interface" src-address=172.18.1.0/24
add action=accept chain=forward comment="Allow internal traffic out" dst-address=172.18.1.0/24 \
    in-bridge-port="ether10-WAN connection" in-interface="WAN bridge"
add action=accept chain=forward comment="traffic within 1.2.3.24/29 allowed;  Rule unlikely to be\
    \_triggered since most intra-net traffic is hardware bridged by the grouped ports and internal tra\
    ffic still has the 172 address" dst-address=1.2.3.24/29 src-address=1.2.3.24/29
# Per-host rejects for the individual public addresses; the default drop that
# follows them already covers the same WAN-inbound traffic.
add action=reject chain=forward comment="REJECT other traffic to Jobs" dst-address=1.2.3.27 \
    in-bridge-port="ether10-WAN connection" in-interface="WAN bridge" reject-with=\
    icmp-host-unreachable
add action=reject chain=forward comment="REJECT other traffic to imac" dst-address=1.2.3.24 \
    in-bridge-port="ether10-WAN connection" in-interface="WAN bridge" reject-with=\
    icmp-host-unreachable
add action=reject chain=forward comment="Drop other traffic to .25" dst-address=1.2.3.25 \
    in-interface="WAN bridge" reject-with=icmp-network-unreachable
add action=reject chain=forward comment="REJECT other traffic to QS" dst-address=1.2.3.26 \
    in-bridge-port="ether10-WAN connection" in-interface="WAN bridge" reject-with=\
    icmp-host-prohibited
# Default drop for anything else forwarded in from the WAN port.
add action=drop chain=forward comment="BOTTOM Default drop all rule for WAN in" in-bridge-port=\
    "ether10-WAN connection" in-interface="WAN bridge"
# NOTE(review): dst-address-list expects the NAME of an address list. The value
# here is a CIDR and the only list defined is MyPubIPs, so this rule probably never
# matches. dst-address=1.2.3.24/29 or dst-address-list=MyPubIPs looks like the
# intent - confirm with the rule's packet counter.
add action=drop chain=forward comment=\
    "BOTTOM Default drop all rule to prevent my public ip internal traffic leakage" dst-address-list=\
    1.2.3.24/29 out-bridge-port="ether10-WAN connection" out-interface="WAN bridge"

# Source NAT: LAN and IoT subnets leave via the WAN bridge as 1.2.3.29.
# No dst-nat (port-forward) rule appears in the posted export, and the wlan3 subnet
# 172.16.1.0/24 has no NAT rule.
/ip firewall nat
add action=src-nat chain=srcnat out-interface="WAN bridge" src-address=172.18.1.0/24 to-addresses=\
    1.2.3.29
add action=src-nat chain=srcnat out-interface="WAN bridge" src-address=172.17.1.0/24 to-addresses=\
    1.2.3.29


# Default route via 1.2.3.1, plus an explicit connected-style route for the public
# /24 that pins the preferred source address to 1.2.3.29.
/ip route
add distance=1 gateway=1.2.3.1
add distance=1 dst-address=1.2.3.0/24 gateway="WAN bridge" pref-src=1.2.3.29
# Management services: telnet, ftp, www, api and api-ssl are switched off.
# ssh and winbox are not mentioned, so they presumably remain enabled with default
# ports and no address= restriction - check with "/ip service print" and limit them
# to the management subnet. This matters here because the input chain has no
# catch-all drop.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set api disabled=yes
set api-ssl disabled=yes
# NOTE(review): allow-none-crypto=yes lets a client negotiate the "none" cipher,
# i.e. an SSH session without encryption. forwarding-enabled=remote permits SSH
# remote port forwarding through the router. Unless one of these is needed,
# allow-none-crypto=no and forwarding-enabled=no are the safer values;
# strong-crypto=yes is also available in this menu.
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote

# Adds wireless-topic messages to the log. With the 100-line limits set under
# "/system logging action", these can push other entries out of the buffer quickly.
/system logging
add topics=wireless
